Conceptual architecture description model of information security management system

Abstract

The basic concepts and properties of the information security management system architecture are considered in view of the influence of the organization. This takes into account the impact of the organization on the specified system and correspondences between them. Therefore, architecture is represented by a set of elements, relationships between elements that have the necessary system properties. In addition, the focus is on defining the architecture of the each elements purpose and the correspondences between them to achieve the expected result of the information security management system. This result is interpreted as ensuring the confidentiality, integrity and availability of information based on the risk assessment results. The conceptual model for describing the architecture of the information security management system is based on ISO / IEC 42010 guidelines. This approach is important for understanding the practice of describing them. At the same time, this is consistent and allows one to interpret the information security management system as a human-created system. It may consist of hardware and software, data, people, processes, procedures, equipment. Therefore, the conceptual model for describing the architecture of an information security management system is reflected by such elements as architecture and architecture description; stakeholders and interests; presentation of architecture and perspective; models of architecture; elements and correspondences; justification of architecture. This approach allows one to isolate the elements of the information security management system, determine their purpose, and establish a relationship between them.